package org.jgs1904.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @author 墨苍璃
 * @date 2022年06月29日21时03分
 * <p>
 * shiro 授权
 */
@Controller
public class AuthorizationController {

    /**
     * shiro 授权
     *
     * @return
     */
    @RequestMapping("/authorization")
    @ResponseBody
    public String authorization(String username, String pwd) {

        //1.获取SecurityManager对象
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        IniRealm iniRealm = new IniRealm("classpath:authorizationshiro.ini");
        defaultSecurityManager.setRealm(iniRealm);

        //2.获取Subject对象
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        Subject subject = SecurityUtils.getSubject();

        //3.调用登录认证方法
        //创建对象存储认证信息
        AuthenticationToken token = new UsernamePasswordToken(username, pwd);

        //完成登录认证
        try {
            //login()方法没有返回值，只能通过是否有异常判断是否登录成功。
            subject.login(token);

            //授权认证
            //角色判断
            boolean role1 = subject.hasRole("role1");
            System.out.println("判断是否具备角色:" + role1);

            //权限判断,如果认证成功的用户有权限则正常执行，没有则报错
            //subject.checkPermission("sys:user:insert");
            //权限判断，返回boolean值，true表示具备，false表示不具备
            boolean permitted = subject.isPermitted("sys:user:insert");
            System.out.println("权限判断结果:" + permitted);

            return "登录成功";
        } catch (UnknownAccountException e) {
            System.out.println("账号不存在");
            return "账号不存在";
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            return "密码错误";
        }

    }

    
    /**
     * 定义全局 subject
     */
    Subject subject;


    /**
     * shiro 授权  代码优化
     *
     * @return
     */
    @RequestMapping("/authorization1")
    public String authorization1(String username, String pwd) {

        //1.获取SecurityManager对象
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();
        IniRealm iniRealm = new IniRealm("classpath:authorizationshiro.ini");
        defaultSecurityManager.setRealm(iniRealm);

        //2.获取Subject对象
        SecurityUtils.setSecurityManager(defaultSecurityManager);
        subject = SecurityUtils.getSubject();

        //3.调用登录认证方法
        //创建对象存储认证信息
        AuthenticationToken token = new UsernamePasswordToken(username, pwd);

        //完成登录认证
        try {
            //login()方法没有返回值，只能通过是否有异常判断是否登录成功。
            subject.login(token);

            //重定向 到授权方法
            return "redirect:/userSq";
        } catch (UnknownAccountException e) {
            System.out.println("账号不存在");
            return "账号不存在";
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误");
            return "密码错误";
        }

    }


    @RequestMapping("userSq")
    @ResponseBody
    public String userSq() {

        //授权认证
        //角色判断
        boolean role1 = subject.hasRole("role1");
        System.out.println("判断是否具备角色:" + role1);

        //权限判断
        //如果认证成功的用户有权限则正常执行，没有则报错
        //subject.checkPermission("sys:user:insert");
        boolean permitted = subject.isPermitted("sys:user:insert");

        //权限判断，返回boolean值，true表示具备，false表示不具备
        System.out.println("权限判断结果:" + permitted);

        return "授权的角色判断结果:" + role1 + "权限判断结果:" + permitted;

    }

}
